Skip to content

Asset Discovery That Improves The More You Use It

A SCADAfence New Feature report The first question we’re usually asked by any CISO who wants to increase their OT security posture is about asset visibility and management. Gathering a comprehensive and accurate inventory of all the devices attached to an OT network is often the primary need driving an organization to seek assistance, and the biggest barrier to achieving their goals for security and compliance. It’s the right question to be asking, and the best place to start.
As we’ve written before, you can’t protect what you can’t see, or what you don’t know exists. Let’s also add that the more detailed information you can gather about each asset on your OT network, the better your protection, prioritization, and compliance will be. Therefore, the asset detection and management capabilities of an OT security platform are the bedrock on which the rest of the security solution stands.

Limitations of Most Asset Discovery Systems

Unfortunately, most asset management systems have serious limitations. They are stuck with static detection and inventory. The system finds a device on the network, decides what it is, adds some details, and presents the security team with an unalterable asset list. They are unable to successfully identify the type of device, protocols in use, and the vendor with 100% accuracy. Moreover, they lack any ability to learn how to do detection better. These systems were designed with no user-configurable options that would allow a security team to customize the asset inventory, change information about each device type, create new device types, or customize alerts based on device type to meet their security needs.

Introducing Device Type Learning

As part of its passive information gathering, the SCADAfence Platform can learn more about your network’s devices and improve how it recognizes and identifies each device type. In addition, your security team can manually change, customize or add details about each device type, and even create new device types. Device Type Learning allows the system to learn to accurately identify new devices based on their IP address or range of addresses, vendor type, similar network behavior or similar protocols in use. Also, you can rename devices, so if the system detected one as a certain asset type, but you would like it to me more specific or assign it a different type, you can manually change the asset name. All other identical devices on the network would then be associated with the new name and asset type.

Customizing Asset TypesDevice Type Learning allows you to change the device type 

This results in close to 100% asset inventory coverage. Device Type Learning deploys quickly and offers tremendous flexibility, without needing to involve the device vendors. In the SCADAfence platform’s asset manager module and in particular the pivot view, the new device type can be viewed effortlessly. Device Type Learning assists with prioritizing and customizing alerts. If the system detects unauthorized access it helps to know exactly which device was accessed. An alert about a PLC, for example, can be assigned a higher priority level than another less critical device.

Customizing device type rulesCustomized device type rules 

Summary of benefits to the user of Device Type Learning

  • Real time, detailed and comprehensive asset inventory with close to 100% accuracy.
  • User receives better adapted standard alerts
  • Network activity is can be monitored more precisely
  • Learning is done passively and automatically with no disruption to the OT network
  • Asset names and device types are customizable and can be changed to meet the organization’s needs
  • No need to involve vendor in order to add new device types to the monitoring system
SCADAfence New Feature Reports is an occasional series of blogs exploring the many newly added features of the SCADAfence Platform in detail. For more information, or to see SCADAfence in action, request a personalized demo.

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About SCADAfence
SCADAfence helps companies with large-scale operational technology (OT) networks embrace the benefits of industrial IoT by reducing cyber risks and mitigating operational threats. Our non-intrusive platform provides full coverage of large-scale networks, offering best-in-class detection accuracy, asset discovery and user experience. The platform seamlessly integrates OT security within existing security operations, bridging the IT/OT convergence gap. SCADAfence secures OT networks in manufacturing, building management and critical infrastructure industries. We deliver security and visibility for some of world’s most complex OT networks, including Europe’s largest manufacturing facility. With SCADAfence, companies can operate securely, reliably and efficiently as they go through the digital transformation journey.